[Cryptography] quantum computers & crypto
Christian Huitema
huitema at huitema.net
Sun Nov 7 11:00:06 EST 2021
On 11/7/2021 4:18 AM, Jerry Leichter wrote:
> The fix for this is of course well known: Padding. If you know the entropy of the information carried by the message lengths, you could even compute the minimum amount of equivocation the padding has to introduce to deny an attacker any advantage.
It depends what your goal is. If the goal is to defeat traffic analysis,
padding might help -- with caveats stated previously. If the goal is to
make life harder for a potential crypto attacker trying to quickly check
whether a particular decryption attempt revealed some unknown plain
text, then padding does not help. The attacker will use the presence of
padding as a cue that, yes, it worked. That's very easy to check if the
application used the most popular form of padding, a tail of zeroes.
-- Christian Huitema